Feeds

Snowden's secure email provider Lavabit shuts down under gag order

Won't be 'complicit in crimes against the American people'

Internet Security Threat Report 2014

Lavabit, the security-conscious email provider that was the preferred email service of NSA leaker Edward Snowden, has closed its doors, citing US government interference.

"I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit," founder Ladar Levison said in a statement posted to the company's homepage on Thursday. "After significant soul searching, I have decided to suspend operations."

Prior to its closure, Lavabit was a dedicated email service that offered subscribers "the freedom of running your own email server – without the hassle or expense."

In addition to a variety of flexible configuration options, the service boasted that all email stored on its servers was encrypted using asymmetric elliptical curve cryptography, in such a way that it was impossible to discern the contents of any email without knowing the user's password.

As a whitepaper posted to the company's website (now removed, but available from the Internet Archive) observed:

Our goal was to make invading a user's privacy difficult, by protecting messages at their most vulnerable point. That doesn't mean a dedicated attacker, like the United States government, couldn't intercept the message in transit or once it reaches your computer.

Our hope is the difficulty associated with those strategies means they will only be used by governments on terrorists and scammers, not on honest citizens.

It now seems, however, that Levison's hope was just wishful thinking. Without going into details, his statement on Thursday made plain that pressure from the US government was behind his decision to shutter Lavabit.

"I feel you deserve to know what's going on – the first amendment is supposed to guarantee me the freedom to speak out in situations like this," Levison wrote. "Unfortunately, Congress has passed laws that say otherwise. As things currently stand, I cannot share my experiences over the last six weeks, even though I have twice made the appropriate requests."

Under current US law, requests for information by US intelligence agencies often carry a gag order that forbids the party receiving the request from disclosing what information was requested, or even that a request was made at all.

The gag orders can be challenged by appealing to the shadowy Foreign Intelligence Surveillance Court (FISC), which operates in complete secrecy, but such appeals are seldom granted.

Not even Google or Microsoft – each of which, it must be said, has far deeper pockets than Lavabit – has managed to challenge the surveillance orders. Both companies were named by Snowden as having turned over user data to government spies under the secretive PRISM program, but the FISC won't allow them to reveal to the public what they may or may not have actually disclosed.

Little wonder, then, that Levison's "appropriate requests" have similarly been denied.

The Lavabit founder says he next plans to challenge the government's ruling in the US Fourth Circuit Court of Appeals. A favorable ruling, he says, would allow him to "resurrect Lavabit as an American company" – though he doesn't appear to hold out much hope.

"This experience," Levison wrote, "has taught me one very important lesson: without congressional action or a strong judicial precedent, I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States." ®

Intelligent flash storage arrays

More from The Register

next story
Azure TITSUP caused by INFINITE LOOP
Fat fingered geo-block kept Aussies in the dark
NASA launches new climate model at SC14
75 days of supercomputing later ...
Yahoo! blames! MONSTER! email! OUTAGE! on! CUT! CABLE! bungle!
Weekend woe for BT as telco struggles to restore service
You think the CLOUD's insecure? It's BETTER than UK.GOV's DATA CENTRES
We don't even know where some of them ARE – Maude
DEATH by COMMENTS: WordPress XSS vuln is BIGGEST for YEARS
Trio of XSS turns attackers into admins
Cloud unicorns are extinct so DiData cloud mess was YOUR fault
Applications need to be built to handle TITSUP incidents
BOFH: WHERE did this 'fax-enabled' printer UPGRADE come from?
Don't worry about that cable, it's part of the config
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.